From nobody Tue May 3 12:43:23 2016
From: Eric Burger
To: LURK BoF
Date: Tue, 3 May 2016 15:43:08 -0400
Subject: [Lurk] WebEx meeting invitation: Interim LURK BOF

Interim LURK BOF
Wednesday, June 1, 2016
9:00 am | Eastern Daylight Time (New York, GMT-04:00) | 3 hrs

Join WebEx meeting
Meeting number: 644 206 627
Meeting password: nothing

Join by phone
1-877-668-4493 Call-in toll free number (US/Canada)
1-650-479-3208 Call-in toll number (US/Canada)
Access code: 644 206 627
Toll-free calling restrictions

Add this meeting to your calendar. (Cannot add from mobile devices.)

Need help? Go to http://help.webex.com.

IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.

From nobody Fri May 6 10:14:58 2016
From: IESG Secretary
To: "IETF Announcement List"
Cc: lurk@ietf.org
Reply-To: ietf@ietf.org
Date: Fri, 06 May 2016 10:14:56 -0700
Subject: [Lurk] LURK BOF Virtual Interim Meeting: June 1, 2016

The Limited Use of Remote Keys (lurk) BOF will hold a virtual interim meeting on June 1, 2016 at 0900 EDT (1300 UTC).

Interim LURK BOF
Wednesday, June 1, 2016
9:00 am | Eastern Daylight Time (New York, GMT-04:00) | 3 hrs

Join WebEx meeting: https://ietf.webex.com/ietf/j.php?MTID=m2e02b106d10e0716c7e596fb97e6e5af
Meeting number: 644 206 627
Meeting password: nothing

Join by phone
1-877-668-4493 Call-in toll free number (US/Canada)
1-650-479-3208 Call-in toll number (US/Canada)
Access code: 644 206 627
Toll-free calling restrictions: https://www.webex.com/pdf/tollfree_restrictions.pdf

Add this meeting to your calendar: https://ietf.webex.com/ietf/j.php?MTID=m9bd59ae67436e90c43ac1fa17ffd7732 (Cannot add from mobile devices.)

Need help? Go to http://help.webex.com.

IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.

From nobody Thu May 12 14:10:23 2016
From: Yaron Sheffer
To: "lurk@ietf.org"
Date: Fri, 13 May 2016 00:10:14 +0300
Subject: [Lurk] Fwd: New Version Notification for draft-sheffer-lurk-cert-delegation-00.txt

Hi,

To solve the CDN-shouldn't-get-my-private-key scenario, I propose an almost trivial REST API, where the CDN contacts the content owner once a day and obtains a 3 day credential (private key plus short-term cert).

Comments are welcome!

Thanks,
Yaron

-------- Forwarded Message --------
Subject: New Version Notification for draft-sheffer-lurk-cert-delegation-00.txt
Date: Thu, 12 May 2016 13:43:49 -0700
From: internet-drafts@ietf.org
To: Yaron Sheffer

A new version of I-D, draft-sheffer-lurk-cert-delegation-00.txt has been successfully submitted by Yaron Sheffer and posted to the IETF repository.

Name: draft-sheffer-lurk-cert-delegation
Revision: 00
Title: Delegating TLS Certificates to a CDN
Document date: 2016-05-12
Group: Individual Submission
Pages: 8
URL: https://www.ietf.org/internet-drafts/draft-sheffer-lurk-cert-delegation-00.txt
Status: https://datatracker.ietf.org/doc/draft-sheffer-lurk-cert-delegation/
Htmlized: https://tools.ietf.org/html/draft-sheffer-lurk-cert-delegation-00

Abstract:
An organization that owns web content often prefers to delegate hosting of this content to a Content Delivery Network (CDN). To serve HTTP content securely, it needs to be protected with TLS. This document proposes a way for the CDN to request constrained certificates so that it can serve web content on behalf of the content owner, without having the owner's long term certificate.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

From nobody Thu May 19 07:47:37 2016
From: "Erb, Samuel"
To: "Fossati, Thomas (Nokia - GB)", "draft-erb-lurk-rsalg@ietf.org"
Cc: "lurk@ietf.org"
Date: Thu, 19 May 2016 14:47:17 +0000
Subject: Re: [Lurk] review of draft-erb-lurk-rsalg-00

Hi Thomas,

Thanks for the comments & apologies for the slow reply.

Comments in line as [SE]

Thanks,
Sam

From: "Fossati, Thomas (Nokia - GB)"
Date: Saturday, April 2, 2016 at 5:39 PM
To: "draft-erb-lurk-rsalg@ietf.org"
Cc: "lurk@ietf.org"
Subject: review of draft-erb-lurk-rsalg-00

Hi,

thanks for the draft. The RSALG idea is really nice.

A few comments:

- Re: missing support for TLSv1.x x>2. We should probably think this a bit more: TLSv1.3 would probably be in the wild by the time LURK is finished?

[SE] I agree – I'm not aware of any significant changes for TLSv1.3 for this draft? I could be wrong about this. The changes I see to watch out for are:
 - SignatureAlgorithm -> SignatureScheme https://tlswg.github.io/tls13-spec/#rfc.section.6.3.2.1
 - 0RTT, but that appears to be resumption only https://tlswg.github.io/tls13-spec/#rfc.section.6.2.3

- There is no explicit requirement on the LURK box in terms of the algorithms it needs to support. What is the assumption? Probably there should be an interface to allow the Server to know about the LURK box capabilities, so that it can negotiate TLS parameters with the client that won't fail the handshake mid-air?

[SE] The LURK box should communicate its list of SignatureAlgorithm/SignatureScheme's as it looks like that list will be more complex with TLSv1.3 (based on the link above)

- I see the Server Key Exchange is still TBD, though a few things can be extrapolated from Section 4. I might be missing something, but I don't understand how the {client,server}_version fields would be relevant to a server_kx request? Which makes me wonder whether the request types could be refined a bit: it looks like server_kx and rsalg requests are different enough to be separate entities? Also, a RFC7627 version of rsalg would be quite different from the one currently defined. Any intention to support it?

[SE] You're correct – the client/server version fields likely should be removed from the server key exchange request (assuming no differences with TLSv1.3).

[SE] For an RFC7627 version of RSALG, the client/server random fields could be made into a single variable length field? Is there overlap between a need to use RSALG (/RSA decryption) and RFC7627 support? (I wish I had data on that)

- Last para of Section 3.2: "An attacker who later gains access to KeyOwner [...]" s/KeyOwner/Server/?

[SE] Sorry, still need to update that. What was meant there was access to a Server (which can then contact a KeyOwner).

- Cert/key rotation functionality is missing and I really think this should really be a requirement for any LURK proposal.

[SE] I agree. A solution here does need to keep in mind that this may be many-to-many Servers to KeyOwners. Initial cert setup likely requires a message of some kind (with some arbitrary "cert application use" field?). Key rotation may just be a signal to go through the initial setup again (possibly via some sort of additional parameter in each response to signify the certificate has been rotated?).

There's a further point that I'm not very sure (I'd like to hear other people's opinion): the security of TLS is not limited to the signature/decryption process. A good pseudo-random source at the Server is also critical. Would it be within LURK scope to let the Key Owner audit relevant session parameters? This could help if the Server is compromised -- or if it's just misbehaving.

[SE] If the goal is only auditing, simulating a real connection (as a client) may be a better path for this. For both server_kx and rsalg, you would receive server/client random values.

Cheers, Thomas.

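The capability question raised in the review above (the Server learning what the LURK box can sign before it negotiates with the client) can be illustrated with the following added Python example, which is not part of the thread or of either draft. It parses a ClientHello signature_algorithms extension body and intersects it with a list advertised by a KeyOwner; the advertised-list representation, its preference ordering, the SHA-1 refusal and the sample bytes are assumptions constructed for illustration, while the codepoints are those of RFC 8446.

```python
import struct

# SignatureScheme codepoints from RFC 8446, section 4.2.3.
SCHEMES = {
    0x0201: "rsa_pkcs1_sha1",
    0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256",
    0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0503: "ecdsa_secp384r1_sha384",
    0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519",
}
# RSASSA-PKCS1-v1_5 schemes are not valid for TLS 1.3 handshake signatures.
PKCS1_V15 = {0x0201, 0x0401, 0x0501, 0x0601}
# Local policy assumption: never sign handshakes with SHA-1 schemes.
SHA1_SCHEMES = {0x0201, 0x0203}


class NegotiationError(Exception):
    """Raised when no usable scheme exists, before any handshake state is committed."""


def parse_signature_algorithms(ext_body):
    """Parse a signature_algorithms extension body: uint16 length + uint16 codepoints."""
    if len(ext_body) < 2:
        raise NegotiationError("truncated signature_algorithms extension")
    (list_len,) = struct.unpack_from("!H", ext_body, 0)
    if list_len == 0 or list_len % 2 or list_len != len(ext_body) - 2:
        raise NegotiationError("inconsistent signature_algorithms length")
    return [code for (code,) in struct.iter_unpack("!H", ext_body[2:])]


def select_scheme(client_offer, key_owner_caps, tls13):
    """Return the first KeyOwner-preferred scheme the client offered, or None."""
    offered = set(client_offer)
    for code in key_owner_caps:  # assumed to be in KeyOwner preference order
        if code not in offered or code in SHA1_SCHEMES:
            continue
        if tls13 and code in PKCS1_V15:
            continue
        return code
    return None


def plan_handshake(ext_body, key_owner_caps, client_supports_tls13=True):
    """Choose (version, scheme name) that the remote key holder can complete.

    Tries TLS 1.3 first and falls back to TLS 1.2 when the KeyOwner only
    offers schemes that TLS 1.3 forbids for handshake signatures.
    """
    offer = parse_signature_algorithms(ext_body)
    versions = (["TLS 1.3"] if client_supports_tls13 else []) + ["TLS 1.2"]
    for version in versions:
        code = select_scheme(offer, key_owner_caps, tls13=(version == "TLS 1.3"))
        if code is not None:
            return version, SCHEMES.get(code, hex(code))
    raise NegotiationError("no signature scheme shared by client and KeyOwner")


# Constructed sample: client offers ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256,
# rsa_pkcs1_sha256 and rsa_pkcs1_sha1.
CLIENT_EXT = bytes.fromhex("0008" "0403" "0804" "0401" "0201")

if __name__ == "__main__":
    for label, caps in [
        ("PSS-capable KeyOwner", [0x0804, 0x0401]),
        ("PKCS#1 v1.5-only KeyOwner", [0x0401, 0x0201]),
        ("SHA-1-only KeyOwner", [0x0201]),
    ]:
        try:
            print(label, "->", plan_handshake(CLIENT_EXT, caps))
        except NegotiationError as exc:
            print(label, "-> refused:", exc)
```

A KeyOwner that can only produce PKCS#1 v1.5 signatures forces the Server down to TLS 1.2 here, which is the kind of mismatch that would otherwise surface only after the Server had already committed to handshake parameters.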
From nobody Wed May 25 03:00:16 2016
from smtp-fr.alcatel-lucent.com (fr-hpida-esg-02.alcatel-lucent.com [135.245.210.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2819F12D664 for ; Wed, 25 May 2016 03:00:13 -0700 (PDT) Received: from fr712umx3.dmz.alcatel-lucent.com (unknown [135.245.210.42]) by Websense Email Security Gateway with ESMTPS id D439AA30FC5D4; Wed, 25 May 2016 10:00:08 +0000 (GMT) Received: from fr711usmtp1.zeu.alcatel-lucent.com (fr711usmtp1.zeu.alcatel-lucent.com [135.239.2.122]) by fr712umx3.dmz.alcatel-lucent.com (GMO-o) with ESMTP id u4PA0ASJ005023 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 25 May 2016 10:00:10 GMT Received: from FR712WXCHHUB03.zeu.alcatel-lucent.com (fr712wxchhub03.zeu.alcatel-lucent.com [135.239.2.74]) by fr711usmtp1.zeu.alcatel-lucent.com (GMO) with ESMTP id u4P9xx5x008558 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 25 May 2016 12:00:10 +0200 Received: from FR711WXCHMBA08.zeu.alcatel-lucent.com ([169.254.4.26]) by FR712WXCHHUB03.zeu.alcatel-lucent.com ([135.239.2.74]) with mapi id 14.03.0195.001; Wed, 25 May 2016 12:00:00 +0200 From: "Fossati, Thomas (Nokia - GB)" To: EXT Yaron Sheffer , "lurk@ietf.org" Thread-Topic: [Lurk] Fwd: New Version Notification for draft-sheffer-lurk-cert-delegation-00.txt Thread-Index: AQHRrJK2YOdppGeYJE62svfOinx2vZ/JbnoA Date: Wed, 25 May 2016 10:00:00 +0000 Message-ID: References: <20160512204349.14299.93495.idtracker@ietfa.amsl.com> <5734F136.10208@gmail.com> In-Reply-To: <5734F136.10208@gmail.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.6.4.160422 x-originating-ip: [135.239.27.39] Content-Type: text/plain; charset="us-ascii" Content-ID: <98F8486161696A498FE36251B6EA95C8@exchange.lucent.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [Lurk] Fwd: 
New Version Notification for draft-sheffer-lurk-cert-delegation-00.txt X-BeenThere: lurk@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Limited Use of Remote Keys List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 May 2016 10:00:15 -0000

Hi Yaron,

On 12/05/2016 22:10, "Lurk on behalf of EXT Yaron Sheffer" wrote:
>To solve the CDN-shouldn't-get-my-private-key scenario, I propose an
>almost trivial REST API, where the CDN contacts the content owner once a
>day and obtains a 3 day credential (private key plus short-term cert).
>
>Comments are welcome!

Thanks very much for the draft.

Your proposal has a few good properties:
- It's very simple, with minimal impact on existing implementations and deployments;
- It scales very well, because it drastically reduces the number of calls to the LURK box (somewhere about 10 orders of magnitude less than the other proposals), and because it removes the need for keeping the LURK box near the edge - and thus deploying more boxes as the CDN footprint grows -- if the application cares about time-to-first-byte, as it usually does;
- It makes the CDN less dependent on the availability of the LURK box;
- Lastly, it seems to provide the right ecosystem for solving the well known revocation issues ([1], [2]) -- very similarly to a proposal from Topalovic et al. [3].

The only "minus" point is that the CDN still holds the content provider's private key. In fact, in your proposal, the "Remote Keys" in the LURK acronym aren't remote at all :-)

Cheers, t

[1] https://www.imperialviolet.org/2011/03/18/revocation.html
[2] https://www.imperialviolet.org/2014/04/29/revocationagain.html
[3] http://www.w2spconf.com/2012/papers/w2sp12-final9.pdf

From nobody Wed May 25 06:50:02 2016 Return-Path: X-Original-To: lurk@ietfa.amsl.com Delivered-To: lurk@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5487E12DC78 for ; Wed, 25 May 2016 06:49:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YPiv-gUaDTrM for ; Wed, 25 May 2016 06:49:51 -0700 (PDT) Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com [IPv6:2a00:1450:400c:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 296EB12D696 for ; Wed, 25 May 2016 06:46:41 -0700 (PDT) Received: by mail-wm0-x22b.google.com with SMTP id z87so19181013wmh.1 for ; Wed, 25 May 2016 06:46:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=1W4zfSZVh8v8qletmVRR0kTgrwwBPz6hbRmcVrPW4Hk=; b=cH22QgsA2VEnEhPtGy66ltCNTuzK9RwRMMWRauEiGouEaksZbDd8VXRVSpII8pmdiy e/givoAFj15cYGP10bk3R7JLN2iSZ1Hk+DEPekGRCY1lb97d5Sms9v1tvyLqk47v6R5x
imxCKh/LB750yhIW75grtBhPhc8IyqeJSG76DYgRwFT9uSh2ttt4J3/AUgq/jgbgDo+O PpwG7wAZVa/WQw4deZTEUN/ihvVxDG9xhEDCAvCHt12RpEYdy5FINrf9Zn0lZMiAaRlB LGI/+ZCbqVUvagROWLSvcaM+WRcYvpwBPP2pp6Y0vrszQPNS+u/cXl62vOL33V45ry6U X0Ng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=1W4zfSZVh8v8qletmVRR0kTgrwwBPz6hbRmcVrPW4Hk=; b=DqCqOnzTKffKKJGGTPUcMKH/+CBObz5GC8Y5LKZDSzvkGJSAHysytbzTfjtlBomU9f qsJYR9e9sGUyj3PdQWDTNfFl/n6ugBr42nC9xLekWkB1hU/CcdvOvEWxZZJti0EzMdci NPnsCbOxj9PgbsC+MQ9C0E/0Ux239hJvK3AmkAMj+X0mkI702SnbeDQqqSs46ayd7Cc9 E86AWjcJtFRuHPinJJoX6dOtaNXxgZzcsiSQOyGZ9sW1kqr9oteQOU93YLhaPixjex6E aDj3sTOdbMtG/mf6IMwqvt87zBoaR85Ecf+W6l2LBpo2+FWtwjry7BaspQf6TxC2h48u csgw== X-Gm-Message-State: ALyK8tIVfFYJwB3viFs8VmT9hTZBEjR9KiPhXFlziK6JiBkr22mPaYIem+gUFkRl25cJeg== X-Received: by 10.28.165.131 with SMTP id o125mr3592655wme.83.1464183999486; Wed, 25 May 2016 06:46:39 -0700 (PDT) Received: from [192.168.0.190] ([192.116.212.114]) by smtp.gmail.com with ESMTPSA id bu7sm8939153wjc.3.2016.05.25.06.46.37 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 25 May 2016 06:46:37 -0700 (PDT) To: "Fossati, Thomas (Nokia - GB)" , "lurk@ietf.org" References: <20160512204349.14299.93495.idtracker@ietfa.amsl.com> <5734F136.10208@gmail.com> From: Yaron Sheffer Message-ID: <5745ACBC.9030504@gmail.com> Date: Wed, 25 May 2016 16:46:36 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Lurk] Fwd: New Version Notification for draft-sheffer-lurk-cert-delegation-00.txt X-BeenThere: lurk@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Limited Use of Remote Keys List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: 
Wed, 25 May 2016 13:49:53 -0000

> Hi Yaron,
>
> On 12/05/2016 22:10, "Lurk on behalf of EXT Yaron Sheffer"
> wrote:
>> To solve the CDN-shouldn't-get-my-private-key scenario, I propose an
>> almost trivial REST API, where the CDN contacts the content owner once a
>> day and obtains a 3 day credential (private key plus short-term cert).
>>
>> Comments are welcome!
>
> Thanks very much for the draft.
>
> Your proposal has a few good properties:
> - It's very simple, with minimal impact on existing implementations and
> deployments;
> - It scales very well, because it drastically reduces the number of calls
> to the LURK box (somewhere about 10 orders of magnitude less than the
> other proposals), and because it removes the need for keeping the LURK
> box near the edge - and thus deploying more boxes as the CDN footprint
> grows -- if the application cares about time-to-first-byte, as it usually
> does;
> - It makes the CDN less dependent on the availability of the LURK box;
> - Lastly, it seems to provide the right ecosystem for solving the well
> known revocation issues ([1], [2]) -- very similarly to a proposal from
> Topalovic et al. [3].
>
> The only "minus" point is that the CDN still holds the content provider's
> private key. In fact, in your proposal, the "Remote Keys" in the LURK
> acronym aren't remote at all :-)
>
> Cheers, t
>
> [1] https://www.imperialviolet.org/2011/03/18/revocation.html
> [2] https://www.imperialviolet.org/2014/04/29/revocationagain.html
> [3] http://www.w2spconf.com/2012/papers/w2sp12-final9.pdf
>

We could always rename the group LUCK - C for "cached"...

Or else we could decide that we have another use case for remote signing boxes, one that's better than CDNs.

Thanks,
Yaron

From nobody Wed May 25 09:18:20 2016 Return-Path: X-Original-To: lurk@ietfa.amsl.com Delivered-To: lurk@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEAB712D82B for ; Wed, 25 May 2016 09:18:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.619 X-Spam-Level: X-Spam-Status: No, score=-2.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xKKjSGSeIxe0 for ; Wed, 25 May 2016 09:18:17 -0700 (PDT) Received: from relais-inet.francetelecom.com (relais-ias91.francetelecom.com [193.251.215.91]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EDBB12D81D for ; Wed, 25 May 2016 09:18:17 -0700 (PDT) Received: from omfedm05.si.francetelecom.fr (unknown [xx.xx.xx.1]) by omfedm09.si.francetelecom.fr (ESMTP service) with ESMTP id 85B762DC6AA; Wed, 25 May 2016 18:18:15 +0200 (CEST) Received: from Exchangemail-eme2.itn.ftgroup (unknown [10.114.31.13]) by omfedm05.si.francetelecom.fr (ESMTP service) with ESMTP id 6871135C078; Wed, 25 May 2016 18:18:15 +0200 (CEST) Received: from OPEXCLILM44.corporate.adroot.infra.ftgroup ([fe80::b08d:5b75:e92c:a45f]) by OPEXCLILM6D.corporate.adroot.infra.ftgroup ([fe80::54f9:a6c3:c013:cbc7%19]) with mapi id 14.03.0294.000; Wed, 25 May 2016 18:18:15 +0200 From: To: "lurk@ietf.org" , "Salz, Rich" Thread-Topic: draft-erb-lurk-rsalg Thread-Index: AdG2oOngMNPONAozTT6BlITkLElwVg== Date: Wed, 25 May 2016 16:18:14 +0000 Message-ID: <29549_1464193095_5745D047_29549_13265_1_5AE9CCAA1B4A2248AB61B4C7F0AD5FB90FAE4EC9@OPEXCLILM44.corporate.adroot.infra.ftgroup>
Accept-Language: fr-FR, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.168.234.5] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-PMX-Version: 6.2.1.2478543, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2016.5.25.154216 Archived-At: Subject: [Lurk] draft-erb-lurk-rsalg X-BeenThere: lurk@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Limited Use of Remote Keys List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 May 2016 16:18:19 -0000

Hi Rich,

I was reading section 3.2. do you have more details on the flights ?

Regards
Emile

From nobody Wed May 25 10:53:56 2016 Return-Path: X-Original-To: lurk@ietfa.amsl.com Delivered-To: lurk@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 823DC12D518 for ; Wed, 25 May 2016 10:53:54 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.127 X-Spam-Level: X-Spam-Status: No, score=-4.127 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VCJamkdk58yb for ; Wed, 25 May 2016 10:53:50 -0700 (PDT) Received: from prod-mail-xrelay08.akamai.com (prod-mail-xrelay08.akamai.com [96.6.114.112]) by ietfa.amsl.com (Postfix) with ESMTP id B714C12D4FD for ; Wed, 25 May 2016 10:53:50 -0700 (PDT) Received: from prod-mail-xrelay08.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 10ECD200018; Wed, 25 May 2016 17:53:50 +0000 (GMT) Received: from prod-mail-relay09.akamai.com (prod-mail-relay09.akamai.com [172.27.22.68]) by prod-mail-xrelay08.akamai.com (Postfix) with ESMTP id EBF2320000B; Wed, 25 May 2016 17:53:49 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1464198829; bh=tvLfU3q08LQpLzDk+2zmm8vekohNkVBl1UeRRrIPdwU=; l=108; h=From:To:Date:References:In-Reply-To:From; b=Rq1lVBrP13NTpj76MNZmfYiN13R8KBzgWrKF+t7MteeUP3WzP7H1FXTe3BeSn0mE9 zi8NHP3Hn8m6RxC84x/xmoqAWwNAAzxnjTSQUAWLCj/9VfauLgrqfw9xiA2an60Kkv eaP6g2PFB+jTH9o+B3AfsQP3JNXe6b6caaIknL0I= Received: from email.msg.corp.akamai.com (usma1ex-cas1.msg.corp.akamai.com [172.27.123.30]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id D38F21E07C; Wed, 25 May 2016 17:53:49 +0000 
(GMT) Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb2.msg.corp.akamai.com (172.27.123.102) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Wed, 25 May 2016 13:53:49 -0400 Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1130.005; Wed, 25 May 2016 13:53:49 -0400 From: "Salz, Rich" To: "emile.stephan@orange.com" , "lurk@ietf.org" Thread-Topic: draft-erb-lurk-rsalg Thread-Index: AdG2oOngMNPONAozTT6BlITkLElwVgADXNnQ Date: Wed, 25 May 2016 17:53:49 +0000 Message-ID: <49b5d54c7fc74055a9b53a743ca90b20@usma1ex-dag1mb1.msg.corp.akamai.com> References: <29549_1464193095_5745D047_29549_13265_1_5AE9CCAA1B4A2248AB61B4C7F0AD5FB90FAE4EC9@OPEXCLILM44.corporate.adroot.infra.ftgroup> In-Reply-To: <29549_1464193095_5745D047_29549_13265_1_5AE9CCAA1B4A2248AB61B4C7F0AD5FB90FAE4EC9@OPEXCLILM44.corporate.adroot.infra.ftgroup> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [172.19.42.174] Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [Lurk] draft-erb-lurk-rsalg X-BeenThere: lurk@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Limited Use of Remote Keys List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 May 2016 17:53:54 -0000

> I was reading section 3.2. do you have more details on the flights ?

Not sure what you mean, sorry.

From nobody Thu May 26 01:53:20 2016 Return-Path: X-Original-To: lurk@ietfa.amsl.com Delivered-To: lurk@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE0BE12D872 for ; Thu, 26 May 2016 01:53:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.921 X-Spam-Level: X-Spam-Status: No, score=-6.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aOD9XMrEJxkR for ; Thu, 26 May 2016 01:53:17 -0700 (PDT) Received: from smtp-fr.alcatel-lucent.com (fr-hpida-esg-02.alcatel-lucent.com [135.245.210.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21E4012D89C for ; Thu, 26 May 2016 01:53:17 -0700 (PDT) Received: from fr712umx3.dmz.alcatel-lucent.com (unknown [135.245.210.42]) by Websense Email Security Gateway with ESMTPS id 0EEB0C4F43C91; Thu, 26 May 2016 08:53:13 +0000 (GMT) Received: from fr711usmtp1.zeu.alcatel-lucent.com (fr711usmtp1.zeu.alcatel-lucent.com [135.239.2.122]) by fr712umx3.dmz.alcatel-lucent.com (GMO-o) with ESMTP id u4Q8rE8s013796 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 26 May 2016 08:53:15 GMT Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr711usmtp1.zeu.alcatel-lucent.com (GMO) with ESMTP id u4Q8rCMD026384 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 26 May 2016 10:53:14 +0200 Received: from FR711WXCHMBA08.zeu.alcatel-lucent.com ([169.254.4.26]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.03.0195.001; Thu, 26 May 2016 10:52:42 +0200 From: "Fossati, Thomas (Nokia - 
GB)" To: Yaron Sheffer , "lurk@ietf.org" Thread-Topic: [Lurk] Fwd: New Version Notification for draft-sheffer-lurk-cert-delegation-00.txt Thread-Index: AQHRrJK2YOdppGeYJE62svfOinx2vZ/JbnoAgAAujwCAAVD4AA== Date: Thu, 26 May 2016 08:52:41 +0000 Message-ID: References: <20160512204349.14299.93495.idtracker@ietfa.amsl.com> <5734F136.10208@gmail.com> <5745ACBC.9030504@gmail.com> In-Reply-To: <5745ACBC.9030504@gmail.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.6.4.160422 x-originating-ip: [135.239.27.41] Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: Re: [Lurk] Fwd: New Version Notification for draft-sheffer-lurk-cert-delegation-00.txt X-BeenThere: lurk@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Limited Use of Remote Keys List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 May 2016 08:53:19 -0000

On 25/05/2016 14:46, "Yaron Sheffer" wrote:

>> Hi Yaron,
>>
>> On 12/05/2016 22:10, "Lurk on behalf of EXT Yaron Sheffer"
>> wrote:
>>> To solve the CDN-shouldn't-get-my-private-key scenario, I propose an
>>> almost trivial REST API, where the CDN contacts the content owner once a
>>> day and obtains a 3 day credential (private key plus short-term cert).
>>>
>>> Comments are welcome!
>>
>> Thanks very much for the draft.
>>
>> Your proposal has a few good properties:
>> - It's very simple, with minimal impact on existing implementations and
>> deployments;
>> - It scales very well, because it drastically reduces the number of calls
>> to the LURK box (somewhere about 10 orders of magnitude less than the
>> other proposals), and because it removes the need for keeping the LURK
>> box near the edge - and thus deploying more boxes as the CDN footprint
>> grows -- if the application cares about time-to-first-byte, as it usually
>> does;
>> - It makes the CDN less dependent on the availability of the LURK box;
>> - Lastly, it seems to provide the right ecosystem for solving the well
>> known revocation issues ([1], [2]) -- very similarly to a proposal from
>> Topalovic et al. [3].
>>
>> The only "minus" point is that the CDN still holds the content provider's
>> private key. In fact, in your proposal, the "Remote Keys" in the LURK
>> acronym aren't remote at all :-)
>>
>> Cheers, t
>>
>> [1] https://www.imperialviolet.org/2011/03/18/revocation.html
>> [2] https://www.imperialviolet.org/2014/04/29/revocationagain.html
>> [3] http://www.w2spconf.com/2012/papers/w2sp12-final9.pdf
>>
>
>We could always rename the group LUCK - C for "cached"...
>
>Or else we could decide that we have another use case for remote signing
>boxes, one that's better than CDNs.

Just to clarify: what are you proposing above in relationship to the proposed charter (https://www.ietf.org/mail-archive/web/lurk/current/msg00080.html) is:
(a) To extend it to include the "ephemeral keys" use-case/solution alongside the TLS interface?
(b) To change LURK into LUCK and get rid of the TLS interface?

Cheers, t

From nobody Thu May 26 05:14:28 2016 Return-Path: X-Original-To: lurk@ietfa.amsl.com Delivered-To: lurk@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D76E12DADA for ; Thu, 26 May 2016 05:14:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.7 X-Spam-Level: X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kLAGwZjJSYGS for ; Thu, 26 May 2016 05:14:25 -0700 (PDT) Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A212212DAC2 for ; Thu, 26 May 2016 05:14:24 -0700 (PDT) Received: by mail-wm0-x229.google.com with SMTP id z87so365672wmh.1 for ; Thu, 26 May 2016 05:14:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=fwkzriNIQUENHH8xZdCjEZTMmR5pAJZkUPLvcxX+7+U=; b=PiKnp88YcF9DMki2J6jLAPFGXg5p6N5GVee/EHdtYAolX+CSz6FuROe78AX5Mz85wn BnRI3LQY8GkF2xcaLR2ujyYFXSqFOIqnhkqMDR7wWm90yn/eXDTQAbmLalOdo7UwqQW/ 7SGmUu33sl3WrMZu57vTWpIX+YVUHk1rTY4gQH6Yooc2JlXGkV9FZLlLtCx+RRFq4YYf poSzv0Bykj/WgE9xnn8k9QbICimeYxty9xRvSWa8tI0rlR4AEeOILH4Gi2yrBEE6rcR7 6bx6qwwIucdTYiW+yK0NCFbgyGnscIn94zO3LIblHuEgNCcJY7uRj3RC/XovFHoRHe68 IceQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820;
h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=fwkzriNIQUENHH8xZdCjEZTMmR5pAJZkUPLvcxX+7+U=; b=Psfps03+NHWpgeZdRRjMVIynwK9Lv0KlZ/eAFeHFGk89JHFTwX7U2Wy18PPXHcSz6y jsfqKSY+IhLW0oWhvaSz8cCpawIMKZRxyPz8m95jLocvhLKJIVYM41/pkzi0Mf9dLEHa BzN7FjmVCeON2unWdK0A0JOUk544QwpAHK5vdmwzkNL31KWeYnay1lnNnslYpGgwcMg+ FFwqI2iI1Vlq93q8pFWLhbWBcBK6GmlFnsue3bmY9d8btTiabCxzXYGNOvici2zkkAbt aQK+qdYf51NLW/KSiDgQuzvoB0M6XrLgxOWWKnNwgQEdurs34q3xfYfkRmDRNq3tNMtn +swQ== X-Gm-Message-State: ALyK8tIvedlDATuJ3Uf7X0qEEAVV6yqhUHjfRO3xZg1xmUi2N1N2untnpvgYIspr/pA01Q== X-Received: by 10.194.18.207 with SMTP id y15mr9272630wjd.155.1464264863109; Thu, 26 May 2016 05:14:23 -0700 (PDT) Received: from [10.0.0.2] (bzq-79-181-144-132.red.bezeqint.net. [79.181.144.132]) by smtp.gmail.com with ESMTPSA id d7sm3251572wmd.11.2016.05.26.05.14.21 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 26 May 2016 05:14:22 -0700 (PDT) To: "Fossati, Thomas (Nokia - GB)" , "lurk@ietf.org" References: <20160512204349.14299.93495.idtracker@ietfa.amsl.com> <5734F136.10208@gmail.com> <5745ACBC.9030504@gmail.com> From: Yaron Sheffer Message-ID: <5746E89C.5010808@gmail.com> Date: Thu, 26 May 2016 15:14:20 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Archived-At: Subject: Re: [Lurk] Fwd: New Version Notification for draft-sheffer-lurk-cert-delegation-00.txt X-BeenThere: lurk@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Limited Use of Remote Keys List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 May 2016 12:14:26 -0000

>>>
>>
>> We could always rename the group LUCK - C for "cached"...
>>
>> Or else we could decide that we have another use case for remote signing
>> boxes, one that's better than CDNs.
>
> Just to clarify: what are you proposing above in relationship to the
> proposed charter
> (https://www.ietf.org/mail-archive/web/lurk/current/msg00080.html) is:
> (a) To extend it to include the "ephemeral keys" use-case/solution
> alongside the TLS interface?
> (b) To change LURK into LUCK and get rid of the TLS interface?
>
>
> Cheers, t
>

Yes, either (a) or (b) would work for me. But if we choose (a), I think we ought to provide a use case that would justify the effort.

Thanks,
Yaron

From nobody Fri May 27 03:24:55 2016 Return-Path: X-Original-To: lurk@ietfa.amsl.com Delivered-To: lurk@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2EB812D6FE; Fri, 27 May 2016 03:24:53 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.92 X-Spam-Level: X-Spam-Status: No, score=-6.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c1h7Q2b5v94Q; Fri, 27 May 2016 03:24:50 -0700 (PDT) Received: from smtp-fr.alcatel-lucent.com (fr-hpida-esg-02.alcatel-lucent.com [135.245.210.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A01CA12D733; Fri, 27 May 2016 03:24:48 -0700 (PDT) Received: from fr712umx3.dmz.alcatel-lucent.com (unknown [135.245.210.42]) by Websense Email Security Gateway with ESMTPS id 973D6E3B80164; Fri, 27 May 2016 10:24:42 +0000 (GMT) Received: from fr711usmtp1.zeu.alcatel-lucent.com (fr711usmtp1.zeu.alcatel-lucent.com [135.239.2.122]) by fr712umx3.dmz.alcatel-lucent.com (GMO-o) with ESMTP id u4RAOgKu004509 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 27 May 2016 10:24:42 GMT
Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr711usmtp1.zeu.alcatel-lucent.com (GMO) with ESMTP id u4RAOd1w008007 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 27 May 2016 12:24:41 +0200 Received: from FR711WXCHMBA08.zeu.alcatel-lucent.com ([169.254.4.26]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.03.0195.001; Fri, 27 May 2016 12:24:40 +0200 From: "Fossati, Thomas (Nokia - GB)" To: "Erb, Samuel" , "Fossati, Thomas (Nokia - GB)" , "draft-erb-lurk-rsalg@ietf.org" Thread-Topic: review of draft-erb-lurk-rsalg-00 Thread-Index: AQHRjSgxLdvcKsY9MEOp/jtebfUpbJ/AsSEAgAwnswA= Date: Fri, 27 May 2016 10:24:40 +0000 Message-ID: References: <9A3C81C9-7256-4037-BCB7-2855063EDE98@akamai.com> In-Reply-To: <9A3C81C9-7256-4037-BCB7-2855063EDE98@akamai.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.6.4.160422 x-originating-ip: [135.239.27.40] Content-Type: multipart/alternative; boundary="_000_D36C780B68474thomasfossatialcatellucentcom_" MIME-Version: 1.0 Archived-At: Cc: "lurk@ietf.org" Subject: Re: [Lurk] review of draft-erb-lurk-rsalg-00 X-BeenThere: lurk@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Limited Use of Remote Keys List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 May 2016 10:24:54 -0000

--_000_D36C780B68474thomasfossatialcatellucentcom_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

Hi Sam,

Thanks very much for the detailed answers. I've inlined a few comments.

I'm looking forward to an updated version of your draft -- are you planning to submit it before the interim?

Cheers, t

From: "Erb, Samuel"
Date: Thursday, 19 May 2016 15:47
To: "Fossati, Thomas (Nokia - GB)", "draft-erb-lurk-rsalg@ietf.org"
Cc: "lurk@ietf.org"
Subject: Re: review of draft-erb-lurk-rsalg-00

Hi Thomas,

Thanks for the comments & apologies for the slow reply. Comments in line as [SE]

Thanks,
Sam

From: "Fossati, Thomas (Nokia - GB)"
Date: Saturday, April 2, 2016 at 5:39 PM
To: "draft-erb-lurk-rsalg@ietf.org" <draft-erb-lurk-rsalg@ietf.org>
Cc: "lurk@ietf.org"
Subject: review of draft-erb-lurk-rsalg-00

Hi, thanks for the draft. The RSALG idea is really nice.

A few comments:

- Re: missing support for TLSv1.x x>2. We should probably think this a bit more: TLSv1.3 would probably be in the wild by the time LURK is finished?

[SE] I agree – I’m not aware of any significant changes for TLSv1.3 for this draft? I could be wrong about this. The changes I see to watch out for are:
- SignatureAlgorithm -> SignatureScheme https://tlswg.github.io/tls13-spec/#rfc.section.6.3.2.1
- 0RTT, but that appears to be resumption only https://tlswg.github.io/tls13-spec/#rfc.section.6.2.3

[TF] I think one thing to monitor would be https://github.com/tlswg/tls13-spec/issues/443 which is to re-assert server's private key in 0-RTT.

- There is no explicit requirement on the LURK box in terms of the algorithms it needs to support. What is the assumption? Probably there should be an interface to allow the Server to know about the LURK box capabilities, so that it can negotiate TLS parameters with the client that won't fail the handshake mid-air?

[SE] The LURK box should communicate its list of SignatureAlgorithm/SignatureScheme’s as it looks like that list will be more complex with TLSv1.3 (based on the link above)

[TF] great. I suppose this would be part of the "LURK-X control-plane" that needs to be specified for each X proposal.

- I see the Server Key Exchange is still TBD, though a few things can be extrapolated from Section 4. I might be missing something, but I don't understand how the {client,server}_version fields would be relevant to a server_kx request? Which makes me wonder whether the request types could be refined a bit: it looks like server_kx and rsalg requests are different enough to be separate entities? Also, a RFC7627 version of rsalg would be quite different from the one currently defined. Any intention to support it?

[SE] You’re correct – the client/server version fields likely should be removed from the server key exchange request (assuming no differences with TLSv1.3).

[SE] For an RFC7627 version of RSALG, the client/server random fields could be made into a single variable length field? Is there overlap between a need to use RSALG (/RSA decryption) and RFC7627 support? (I wish I had data on that)

[TF] Sorry Sam, I don't understand your question.

- Cert/key rotation functionality is missing and I really think this should really be a requirement for any LURK proposal.

[SE] I agree. A solution here does need to keep in mind that this may be many-to-many Servers to KeyOwners. Initial cert setup likely requires a message of some kind (with some arbitrary “cert application use” field?). Key rotation may just be a signal to go through the initial setup again (possibly via some sort of additional parameter in each response to signify the certificate has been rotated?).

[TF] Sounds good to me. The periodic message could be something like: "I'm Server X and I'm currently serving hostnames {H_i}, please provide any updated credentials".

There's a further point that I'm not very sure (I'd like to hear other people's opinion): the security of TLS is not limited to the signature/decryption process. A good pseudo-random source at the Server is also critical. Would it be within LURK scope to let the Key Owner audit relevant session parameters? This could help if the Server is compromised -- or if it's just misbehaving.
[SE] If the goal is only auditing, simulating a real connection (as a clien= t) may be a better path for this. For both server_kx and rsalg, you would r= eceive server/client random values. [TF] I'd need to ponder on this a bit more. I'm not yet sure auditing woul= d be in scope. --_000_D36C780B68474thomasfossatialcatellucentcom_ Content-Type: text/html; charset="Windows-1252" Content-ID: <6DD3F26681E3E441B53206F28F2DF33A@exchange.lucent.com> Content-Transfer-Encoding: quoted-printable
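The capability point raised in the review above (the Server has to know which SignatureAlgorithm/SignatureScheme values the LURK box supports before it negotiates with the client, or the handshake fails part-way) is illustrated below as an added example; it is not part of the thread or of either draft. The capability list, the preference list and the function names are assumptions; the code points are the TLS registry values from RFC 5246 and RFC 8446.

```python
"""Pick a signature scheme the client offers AND the key server can produce,
before ServerHello is sent. Added illustration; names are hypothetical."""
import struct
from typing import Iterable, List, Optional

# code point -> (name, certificate key type). RFC 5246 hash/signature byte
# pairs carry the same values as the RFC 8446 SignatureScheme code points.
SCHEMES = {
    0x0201: ("rsa_pkcs1_sha1", "rsa"),
    0x0203: ("ecdsa_sha1", "ecdsa"),
    0x0401: ("rsa_pkcs1_sha256", "rsa"),
    0x0403: ("ecdsa_secp256r1_sha256", "ecdsa"),
    0x0501: ("rsa_pkcs1_sha384", "rsa"),
    0x0503: ("ecdsa_secp384r1_sha384", "ecdsa"),
    0x0601: ("rsa_pkcs1_sha512", "rsa"),
    0x0804: ("rsa_pss_rsae_sha256", "rsa"),
}

# RFC 5246 section 7.4.1.4.1: a TLS 1.2 client that omits the
# signature_algorithms extension implicitly offers SHA-1 with the key type.
IMPLICIT_DEFAULT = {"rsa": [0x0201], "ecdsa": [0x0203]}

# Constructed sample data (assumptions, not taken from the drafts).
KEY_SERVER_SCHEMES = [0x0401, 0x0501, 0x0804]   # what the LURK box advertised
SERVER_PREFERENCE = [0x0804, 0x0501, 0x0401, 0x0201]
CLIENT_EXT = bytes.fromhex("0006" "0403" "0501" "0401")  # extension_data


class NoCommonScheme(Exception):
    """No scheme is shared by the client, the certificate and the key server."""


def parse_signature_algorithms(ext_data: bytes) -> List[int]:
    """Decode extension_data: uint16 byte length, then uint16 code points."""
    if len(ext_data) < 2:
        raise ValueError("truncated signature_algorithms extension")
    (length,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if length != len(body) or length == 0 or length % 2:
        raise ValueError("bad supported_signature_algorithms length")
    return [code for (code,) in struct.iter_unpack("!H", body)]


def choose_scheme(ext_data: Optional[bytes], key_type: str,
                  key_server_schemes: Iterable[int],
                  preference: Iterable[int]) -> int:
    """Return the first preferred code point usable by all three parties.

    ext_data is None when the ClientHello carried no signature_algorithms
    extension. Raises NoCommonScheme so the Server can refuse (or pick another
    certificate) instead of discovering the mismatch at the signing request.
    """
    if ext_data is None:
        offered = IMPLICIT_DEFAULT[key_type]
    else:
        offered = parse_signature_algorithms(ext_data)
    supported = set(key_server_schemes)
    for code in preference:
        entry = SCHEMES.get(code)
        if entry is None or entry[1] != key_type:
            continue  # unknown code point, or wrong key type for this cert
        if code in offered and code in supported:
            return code
    raise NoCommonScheme(
        "client offers %s, key server supports %s"
        % ([hex(c) for c in offered], [hex(c) for c in sorted(supported)]))


if __name__ == "__main__":
    picked = choose_scheme(CLIENT_EXT, "rsa", KEY_SERVER_SCHEMES,
                           SERVER_PREFERENCE)
    print("selected", hex(picked), SCHEMES[picked][0])
    try:
        # Legacy client without the extension: only SHA-1 is implied, which
        # this sample key server does not advertise.
        choose_scheme(None, "rsa", KEY_SERVER_SCHEMES, SERVER_PREFERENCE)
    except NoCommonScheme as exc:
        print("refused before ServerHello:", exc)
```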
From nobody Fri May 27 13:22:26 2016
From: Daniel Migault
To: "lurk@ietf.org"
Cc: Oscar Gonzalez de Dios, Rich Salz, Kevin Ma J, Sanjay Mishra
Date: Fri, 27 May 2016 20:22:20 +0000
Subject: [Lurk] FW: New Version Notification for draft-mglt-lurk-tls-use-cases-01.txt

From nobody Sun May 29 19:30:48 2016
From: "Erb, Samuel"
To: "lurk@ietf.org"
Cc: "Salz, Rich"
Date: Mon, 30 May 2016 02:30:42 +0000
Subject: [Lurk] FW: New Version Notification for draft-erb-lurk-rsalg-01.txt

Forwarding to the mailing list.
Thanks,
Sam

From: "internet-drafts@ietf.org"
Date: Saturday, May 28, 2016 at 10:54 PM
To: "Erb, Samuel", "Salz, Rich"
Subject: New Version Notification for draft-erb-lurk-rsalg-01.txt

A new version of I-D, draft-erb-lurk-rsalg-01.txt
has been successfully submitted by Rich Salz and posted to the
IETF repository.

Name: draft-erb-lurk-rsalg
Revision: 01
Title: A PFS-preserving protocol for LURK
Document date: 2016-05-28
Group: Individual Submission
Pages: 10
URL: https://www.ietf.org/internet-drafts/draft-erb-lurk-rsalg-01.txt
Status: https://datatracker.ietf.org/doc/draft-erb-lurk-rsalg/
Htmlized: https://tools.ietf.org/html/draft-erb-lurk-rsalg-01
Diff: https://www.ietf.org/rfcdiff?url2=draft-erb-lurk-rsalg-01

Abstract:
   This document defines a protocol between a content provider and an
   external key owner that enables the provider to act as a TLS
   termination end-point for the key owner, without having the key
   actually being provisioned at the provider.

   The protocol between the two preserves forward secrecy, and is also
   designed to prevent the use of the key owner as a general-purpose
   signing oracle which would make it complicit in attacks against uses
   of the very keys it is trying to protect.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
From nobody Mon May 30 09:12:43 2016
X-Original-To: lurk@ietfa.amsl.com Delivered-To: lurk@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA57E12D16C for ; Mon, 30 May 2016 09:12:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.012 X-Spam-Level: X-Spam-Status: No, score=-1.012 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, SPF_HELO_PASS=-0.001, SPF_NEUTRAL=0.779, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=standardstrack.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yHXEGmECYKN8 for ; Mon, 30 May 2016 09:12:40 -0700 (PDT) Received: from biz104.inmotionhosting.com (biz104.inmotionhosting.com [173.247.247.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9953312D12A for ; Mon, 30 May 2016 09:12:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=standardstrack.com; s=default; h=Mime-Version:To:Message-Id:Date:Subject: Content-Type:From; bh=X3ddSRFTNNN8MLgBrGObFS8ZbwRM0v1xwpN2PrhhzIY=; b=CI0ORzi qWT/ejKGwNl2ktaCEg079uhF73wNMvB10eBxMFS8DmuQ93YRjLiCjzKUj2xiBp8hqjnNd1oJw7SWK PJfuDp0HfqNCpoKEiTklR8MJTbs4Cdng+KR48+AJaQfVyMy78AUCcNGJtRG5JOM8oVNL1g0/KjYyT +O4RRaR/E4=; Received: from ip68-100-196-239.dc.dc.cox.net ([68.100.196.239]:51866 helo=[192.168.15.108]) by biz104.inmotionhosting.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.86_1) (envelope-from ) id 1b7Pnu-0005M7-1t for lurk@ietf.org; Mon, 30 May 2016 09:12:39 -0700 From: Eric Burger X-Pgp-Agent: GPGMail 2.6b2 Content-Type: multipart/signed; boundary="Apple-Mail=_AB744B5E-80A2-43A7-89DC-4ACAD80A165B"; protocol="application/pgp-signature"; micalg=pgp-sha256 Date: Mon, 30 May 2016 12:12:40 -0400 
Message-Id: <9C0FDC9B-AAA0-4532-AFAB-50BA145DE1A5@standardstrack.com> To: LURK BoF Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) X-Mailer: Apple Mail (2.3124) X-OutGoing-Spam-Status: No, score=-2.9 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - biz104.inmotionhosting.com X-AntiAbuse: Original Domain - ietf.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - standardstrack.com X-Get-Message-Sender-Via: biz104.inmotionhosting.com: authenticated_id: eburger+standardstrack.com/only user confirmed/virtual account not confirmed X-Authenticated-Sender: biz104.inmotionhosting.com: eburger@standardstrack.com X-Source: X-Source-Args: X-Source-Dir: Archived-At: Subject: [Lurk] Reminder: LURK Interim X-BeenThere: lurk@ietf.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Limited Use of Remote Keys List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 May 2016 16:12:42 -0000 --Apple-Mail=_AB744B5E-80A2-43A7-89DC-4ACAD80A165B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii A reminder, the LURK Interim meeting is this Wednesday from 1300 - 1600 = UTC (6am PT / 9am ET / 1300 BT / 4pm IT / 9pm CT / 10pm JT / 11pm AET). I have slides from Yaron. Anyone else feel compelled to talk or lead a = discussion? JOIN WEBEX MEETING https://ietf.webex.com/ietf/j.php?MTID=3Dm2e02b106d10e0716c7e596fb97e6e5af= Meeting number: 644 206 627 Meeting password: nothing JOIN BY PHONE 1-877-668-4493 Call-in toll free number (US/Canada) 1-650-479-3208 Call-in toll number (US/Canada) Access code: 644 206 627 Toll-free dialing restrictions: https://www.webex.com/pdf/tollfree_restrictions.pdf Can't join the meeting? 
Contact support here: https://ietf.webex.com/ietf/mc IMPORTANT NOTICE: Please note that this WebEx service allows audio and = other information sent during the session to be recorded, which may be = discoverable in a legal matter. By joining this session, you = automatically consent to such recordings. If you do not consent to being = recorded, discuss your concerns with the host or do not join the = session. --Apple-Mail=_AB744B5E-80A2-43A7-89DC-4ACAD80A165B Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJXTGZ4AAoJEORoZaSQsc1IEiEP/03LFoj7WBiyvslM4htVIaCG DEwWg8kIhxx0kwMaKkhZ5jbfLKBrbhHxoCxFcJSfUUYfnGT4QAByuXndJRaaGp2z qsayd3a/O4L3OVwow8OTPFBBL0uQZ06YRLly+HkMUI0Bg8OUfp+4P9lP7/uiCX5D b1odELckGT9mOOMr2d3MMDC3007eUd9LZ6ERc4tIoOejkQHNPUWak0pqky3ma0n1 VEqze3eK54OfoDNmqZJGKMKCA34baR4fm9WlPU0SrrWnEPMHZ1Uz6yqfjh9BxbiP GfotEkZ0xuOrTtLLzmmKdAPhs1tRmpdL5C2bjnVsXmIojeoiaEctcY2t5Y9LAVjY /NdbrY6edOdZk2RIaYQ4X/kZgUF4dd+5Gw4LKO3qG54/0ZxSR5hqsBtSqUV294JO BNEL9XB5BrYJAdV/Vav6YiCXJ6/k4biaHNKb/Gg6xnJidJfd0/WuzNW3nprHPiID g6o0IfmOYKRgJYzV9XrE8BAsurrD2y3YDtQRCiQ50z1/F3Mk7Nf3Lp3xzE6G4eBI pu+HdJZJcyCG7MI1xwfa3o9kVoRx6i7tGAz1MvgrhIRXzM95PwytAZn6BA5fTmP9 oeqzLfdEkSUWzvNNt8oY3CWuQuC/0xMVAir0uyRLN5Qy0cvNJAnV+IYXaineVdb6 bgaE56kMz6HC8W3FEUpY =Ns8n -----END PGP SIGNATURE----- --Apple-Mail=_AB744B5E-80A2-43A7-89DC-4ACAD80A165B-- From nobody Mon May 30 09:47:36 2016 Return-Path: X-Original-To: lurk@ietfa.amsl.com Delivered-To: lurk@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3269712D0D1 for ; Mon, 30 May 2016 09:47:35 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.202 X-Spam-Level: X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 
From: Daniel Migault
To: Eric Burger, LURK BoF
Date: Mon, 30 May 2016 16:47:26 +0000
Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C112268204@eusaamb107.ericsson.se>
In-Reply-To: <9C0FDC9B-AAA0-4532-AFAB-50BA145DE1A5@standardstrack.com>
Subject: Re: [Lurk] Reminder: LURK Interim

Hi,

I can briefly present the use case / show advancement of the protocol design.

BR,
Daniel

-----Original Message-----
From: Lurk [mailto:lurk-bounces@ietf.org] On Behalf Of Eric Burger
Sent: Monday, May 30, 2016 12:13 PM
To: LURK BoF
Subject: [Lurk] Reminder: LURK Interim

A reminder, the LURK Interim meeting is this Wednesday from 1300 - 1600 UTC (6am PT / 9am ET / 1300 BT / 4pm IT / 9pm CT / 10pm JT / 11pm AET).

I have slides from Yaron. Anyone else feel compelled to talk or lead a discussion?

JOIN WEBEX MEETING
https://ietf.webex.com/ietf/j.php?MTID=m2e02b106d10e0716c7e596fb97e6e5af
Meeting number: 644 206 627
Meeting password: nothing

JOIN BY PHONE
1-877-668-4493 Call-in toll free number (US/Canada)
1-650-479-3208 Call-in toll number (US/Canada)
Access code: 644 206 627

Toll-free dialing restrictions:
https://www.webex.com/pdf/tollfree_restrictions.pdf

Can't join the meeting? Contact support here:
https://ietf.webex.com/ietf/mc

IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings.
If you do not consent to being recorded, discuss your concerns with the host or do not join the session.

From nobody Mon May 30 17:39:39 2016
From: Eric Burger
Date: Mon, 30 May 2016 20:39:35 -0400
To: LURK BoF
Subject: [Lurk] Useless factoid

LURK was the highest attended IETF session at IETF 99, and as such was the highest attended BOF. It was second only to the SDNrg (IRTF) session for the highest attended group meeting at the IETF.

From nobody Tue May 31 07:00:39 2016
From: "Erb, Samuel"
To: Eric Burger, LURK BoF
Cc: "Salz, Rich", Daniel Migault
Date: Tue, 31 May 2016 14:00:20 +0000
In-Reply-To: <2DD56D786E600F45AC6BDE7DA4E8A8C112268204@eusaamb107.ericsson.se>
Subject: Re: [Lurk] Reminder: LURK Interim

Hi Eric,

Rich and I will be on the call and we would like to provide an update on our draft.

We will send slides over today.

Thanks,
Sam

From: Daniel Migault
Date: Monday, May 30, 2016 at 12:47 PM
To: Eric Burger, LURK BoF
Subject: Re: [Lurk] Reminder: LURK Interim

Hi,

I can briefly present the use case / show advancement of the protocol design.

BR,
Daniel

-----Original Message-----
From: Lurk [mailto:lurk-bounces@ietf.org] On Behalf Of Eric Burger
Sent: Monday, May 30, 2016 12:13 PM
To: LURK BoF
Subject: [Lurk] Reminder: LURK Interim

A reminder, the LURK Interim meeting is this Wednesday from 1300 - 1600 UTC (6am PT / 9am ET / 1300 BT / 4pm IT / 9pm CT / 10pm JT / 11pm AET).

I have slides from Yaron. Anyone else feel compelled to talk or lead a discussion?

JOIN WEBEX MEETING
https://ietf.webex.com/ietf/j.php?MTID=m2e02b106d10e0716c7e596fb97e6e5af
Meeting number: 644 206 627
Meeting password: nothing

JOIN BY PHONE
1-877-668-4493 Call-in toll free number (US/Canada)
1-650-479-3208 Call-in toll number (US/Canada)
Access code: 644 206 627

Toll-free dialing restrictions:
https://www.webex.com/pdf/tollfree_restrictions.pdf

Can't join the meeting? Contact support here:
https://ietf.webex.com/ietf/mc

IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.

_______________________________________________
Lurk mailing list
Lurk@ietf.org
https://www.ietf.org/mailman/listinfo/lurk

From nobody Tue May 31 16:32:23 2016
From: Eric Burger
Date: Tue, 31 May 2016 19:32:25 -0400
To: LURK BoF
Subject: [Lurk] Scribes

Can we get a pair of scribes to take notes for the interim WebEx tomorrow? Please respond to me (Eric) directly, off-list.

Thanks.

From nobody Tue May 31 17:35:41 2016
From: Eric Burger
Date: Tue, 31 May 2016 20:35:35 -0400
To: LURK BoF
Subject: [Lurk] Interim Meeting Agenda and Materials

The agenda and materials are posted to the IETF meeting materials manager. The links are below. HOWEVER, they do not seem to be publicly available yet. As such, see https://www.standardstrack.com/ietf/lurk/ for a mirror of the materials.

Agenda Bashing (15 minutes) [Chairs Slides]

Probe Use Cases (30 minutes) [LURK Use Case Slides]
  CDN-only / https://datatracker.ietf.org/doc/draft-sheffer-lurk-cert-delegation/
  CDN-only / TLS/DTLS-only https://datatracker.ietf.org/doc/draft-mglt-lurk-tls-use-cases/
  More than CDN-only / https://datatracker.ietf.org/doc/draft-hallambaker-lurk/

Probe Solution Space
  Delegating TLS Certificates to a CDN (15 minutes) [Delegation Slides]
    https://datatracker.ietf.org/doc/draft-sheffer-lurk-cert-delegation/
  LURK TLS/DTLS Content Provider Edge Server (10 minutes – no draft) [Slides]
    https://datatracker.ietf.org/doc/draft-mglt-lurk-tls-abstract-api/
  PFS-preserving protocol for LURK (15 minutes) [PFS Slides]
    https://datatracker.ietf.org/doc/draft-erb-lurk-rsalg/

Discussion: What does LURK look like? (10 minutes)

Discussion: Way forward (25 minutes)